Role Proficiency:

Provide support across SIEM or EDR technologies for global customers; ensuring the platforms are functioning as expected. Independently conduct checks and basic triage for global customers under minimal guidance of senior members of the team.

Outcomes:

Conduct Health checks for a single or multiple platform types following guidance and escalating issues observed escalating to a senior team member for review to ensure proper visibility of issues before they become incidents. Assist with service requests for platform types such as access requests as well as more targeted requests for specific modules on platform such as dashboard creation and query support. Investigation of larger issues supporting internal and external stakeholders. Provide assistance with maintenance activities to help with improving the understanding of architecture of supported platforms. Build a self awareness proficiency for supported toolsets. Generate relevant reporting as required for platforms being supported on a regular basis to help meet internal and external reporting requirements. Follow relevant in-life processes tracking any escalation pipelines and pathways required to ensure consistency of applications provided to the customer. Provide support and guidance to more junior members of the team assisting with their development.

Measures of Outcomes:

Percent of adherence to processes and methodologiesa.Percent of adherence to SLAs for in life ticketing processesb.Percent of adherence to workflows and the completeness of audit trails for any activities Productivity score maintaineda.Number of issues identified early in pinpoint problems with delivering tasks or workload.b.Number of issues with effective evidence provided for escalations during triage. Number of relevant change documentation reviewed on a regular basis; ensuring processes remain relevant for the broader team. Number of relevant skill related training and development activities undertaken; evidenced by certification.

Outputs Expected:

Platform Health Monitoring:

Support Service Requests and first level Incident support as well as assisting Junior Members. Proactive identification of issues
with behavioural analysis/patterns identified
with suggestions for resolutions. Conduct daily and regular occurring service tasks with minimal supervision to ensure daily operation of the platform supported.

Technical Expertise:

Develop and demonstrate comprehension and experience in a specific SIEM or EDR platform Using technology
identify and be able to implement technical solutions to issues with queries/rules/dashboards/data feeds

Customer Focus:

Ensure customer specific processes are being followed. Undertake mandatory and proactive learning and development opportunities.

Skill Examples:

Good communication skills Ability to be prepared to undertake background check/validation to ensure integrity. Aptitude in working with a/multiple SIEM or EDR technologies unsupervised. Capable in working as part of a shift Ability to share knowledge with peers and juniors Ability to work with querying data and the role of a SIEM/EDR Ability to demonstrate analytical skills working across multiple technologies and customers.

Knowledge Examples:

Knowledge Examples

Good communication skills Ability to be prepared to undertake background check/validation to ensure integrity. Aptitude in working with a/multiple SIEM or EDR technologies unsupervised. Capable in working as part of a shift Ability to share knowledge with peers and juniors Ability to work with querying data and the role of a SIEM/EDR Ability to demonstrate analytical skills working across multiple technologies and customers.

Additional Comments:

Security Automation Engineer- Logic apps CyberProof is a cyber security services and platform company whose mission is to help our customers react faster and smarter – and stay ahead of security threats, by creating secure digital ecosystems. CyberProof automates processes to detect and prioritize threats early and respond rapidly and decisively. CyberProof is part of the UST Global family. Some of the world’s largest enterprises trust us to create and maintain secure digital ecosystems using our comprehensive cyber security platform and mitigation services. CyberProof is looking for a talented Security Automation Engineer to join our dynamic team and contribute to the development and implementation of cutting-edge automation solutions to enhance our security operations. As an Automation Engineer, you will play a key role in designing, developing, and deploying automation solutions to streamline security operations, improve threat detection, and enhance incident response capabilities. You will collaborate closely with cybersecurity analysts, engineers, and other stakeholders to identify automation opportunities, assess requirements, and implement scalable and efficient automation workflows. The candidate should have a strong background in cybersecurity, be proficient in scripting, and have experience with SOAR platforms. Responsibilities: • Design, develop, and implement security automation workflows and playbooks using LogicApps to streamline and optimize security operations processes. • Integrate the SOAR platform with various security tools and technologies such as SIEM, endpoint protection, threat intelligence platforms, and other IT systems. • Design, develop, implement, and maintain automation scripts, tools, and workflows to automate routine security and integration tasks, including log analysis, incident triage, and response. • Maintain and improve the SOAR platform, ensuring its effectiveness and efficiency. • Collaborate with security analysts to understand their workflow and automate repetitive tasks, allowing them to focus on complex threat analysis. • Continuously evaluate new security technologies and update automation playbooks accordingly. • Participate in incident response efforts, providing automation support to accelerate detection, investigation, and remediation. • Measure and report on the effectiveness of automated processes, making improvements as necessary. • Provide technical support and troubleshooting assistance for automation-related issues. • Stay current with the latest cybersecurity trends and emerging technologies in security automation to drive innovation and continuous improvement. • Document automation processes, procedures, and best practices for knowledge sharing and training purposes. Requirements: • Minimum of 3 years of experience in cybersecurity, preferably within a SOC environment. • Hands-on Experience with security incident response and investigation processes. • Hands-on Experience with SOAR systems – playbook design and implementation. • Proven hands-on experience in automation development, scripting, and programming languages such as Python, PowerShell, or Bash. • Strong understanding of cybersecurity principles, technologies, and best practices. • Experience with security tools and technologies, including SIEM, IDS/IPS, endpoint security solutions, and threat intelligence platforms. • Strong analytical and problem-solving skills to identify automation opportunities. • Strong communication and collaboration skills, with the ability to work effectively in a team environment. • Ability to work independently; self-starter/self-motivated. Advantages: • Solid understanding of networking concepts, protocols, and architectures. • Experience with cloud-based service architecture. • Experience with ALM tools, especially Jira. • Relevant information security certifications are a plus.